I have a business, and I want to set up a server so that my customers' information will be secure while they are shopping online. What security program do you recommend that I install? How do I go about it?
Unfortunately, there is no easy answer to your question. There are several guidelines for securing servers depending upon whether they are Unix-based Apache servers or Microsoft IIS servers. These are available from NSA and other places. There is also a tip on searchSecurity for protecting your Web servers.
Clearly, you will want all sensitive traffic to be protected by SSL or other encryption between your customers and your Web server. If any information is stored on the Web server, it should be encrypted. If you are using third-party hosting services, you will need to find a way to get that information back to you securely. You might be interested in a paper I wrote in 1999 entitled "Are Secure Internet Transactions Really Secure?"
However, there is no single magic program to install that makes your server secure.
For more information on this topic, visit these other searchSecurity resources:
Web Security Tip: SQL Server user-security checklist
Web Security Tip: ASP.NET authentication: Three new options for Web services
Infosec Bookshelf: SQL Server Security -- Chapter 2, Under Siege: How SQL Server is Hacked